
If my PHP code lacks security and I use an SSL connection, is that enough for protecting my website?

Jun 28, 2012 2:32 AM

Tags: #cs6

I mean, if my PHP code lacks security features and I am using an SSL connection, is that enough for protecting my website? Also, tell me about any software which can help me protect my PHP website. Thank you :)

 
Replies
  • Jun 28, 2012 2:44 AM   in reply to baty gill

    Hi

     

    If the underlying PHP code is not secure, then using SSL is like taking an aspirin for a cut on your finger (it may make you feel better, but it will not fix the problem).

     

    Also, the use of an SSL certificate from any of the reputable suppliers does require you to ensure that your code is as secure as is reasonably possible; if it is not, then the use of the SSL certificate is invalid.

     

    No one expects you to provide the same security as one would expect from a banking site (unless you are a bank), but basic security and good coding practices should be a given anyway.

     

    PZ

     
  • Jun 28, 2012 10:41 AM   in reply to pziecina

    An SSL certificate only secures the passing of data between the browser and server. There are many other extremely serious vulnerabilities that it does not protect.

     

    Your most important security concern should be any forms that accept user input of any type, especially if the input populates a database. These forms must be protected with validation that sanitizes out malicious code injections. They should also verify that email addresses follow the actual structure of email addresses, that integer fields are really integers, etc.

     

    If your users upload files or images to your site, then you must protect your server from a variety of vulnerabilities, such as malicious code being uploaded to your server that gives hackers server access.

     

    There are many other vulnerabilities to be aware of.

     

    Anyone who figures the hackers would have no interest in their website should examine their server logs to view all the activity coming from Russia, China, etc., such as failed FTP attempts.

     

    Unfortunately there is not any actual software that you can just add to your website to protect it. Your best defence is your own knowledge of the vulnerabilities and the appropriate defences. If you control your server, then the one piece of useful software is a good firewall.
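
The input handling described in the reply above, as an added example that is not part of the original thread: each field is validated by type, the values reach the database only as bound parameters, and stored text is escaped when displayed. It goes one step beyond validation alone by using PDO prepared statements and output escaping; the field names, the `signups` table, the in-memory SQLite database (requires the pdo_sqlite extension) and the sample submissions are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Validate a submitted form. Field names (email, age, comment) are hypothetical.
function validate_signup(array $input): array
{
    $clean = $errors = [];
    // Email must follow the actual structure of an email address.
    $raw = $input['email'] ?? '';
    $email = is_string($raw) ? filter_var(trim($raw), FILTER_VALIDATE_EMAIL) : false;
    if ($email === false) { $errors['email'] = 'invalid email address'; }
    else { $clean['email'] = $email; }
    // Integer fields must really be integers; also bound the range.
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) { $errors['age'] = 'age must be a whole number from 0 to 150'; }
    else { $clean['age'] = $age; }
    // Free text: bound the length, store it unmodified, escape it when displayed.
    $comment = $input['comment'] ?? '';
    if (!is_string($comment) || strlen($comment) > 500) { $errors['comment'] = 'comment missing or too long'; }
    else { $clean['comment'] = $comment; }
    return [$clean, $errors];
}

// In-memory SQLite stands in for the site's database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE signups (email TEXT, age INTEGER, comment TEXT)');

// Constructed sample submissions: one well-formed, one malformed.
$submissions = [
    ['email' => 'alice@example.com', 'age' => '34', 'comment' => "It's <b>great</b>"],
    ['email' => 'not-an-email', 'age' => '34 OR 1=1', 'comment' => 'hi'],
];
$insert = $pdo->prepare('INSERT INTO signups (email, age, comment) VALUES (?, ?, ?)');
foreach ($submissions as $post) {
    [$clean, $errors] = validate_signup($post);
    if ($errors !== []) {
        echo 'rejected: ', implode('; ', $errors), "\n";
        continue;
    }
    // Bound parameters keep the values out of the SQL text entirely.
    $insert->execute([$clean['email'], $clean['age'], $clean['comment']]);
}
// Escape on output so stored text is rendered as text, not markup.
foreach ($pdo->query('SELECT email, comment FROM signups') as $row) {
    echo htmlspecialchars($row['email'] . ': ' . $row['comment'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

None of this depends on whether the connection uses SSL: the same checks are needed over HTTP and HTTPS alike.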

     
  • Jun 28, 2012 11:42 AM   in reply to Rob Hecker2

    > Unfortunately there is not any actual software that you can just add to your website to protect it. Your best defense is your own knowledge of the vulnerabilities and the appropriate defenses. If you control your server, then the one piece of useful software is a good firewall.

    Very true. You can't have enough layers of security these days.

     

    To step things up a notch, we recently added Secure Live to our VPS and Dedicated Servers with good results. Secure Live is also available for single domains.

    http://www.securelive.net/

     

    PS. I don't work for them. I just use their product.

     

     

    Nancy O.

    Alt-Web Design & Publishing

    Web | Graphics | Print | Media Specialists

    http://alt-web.com/

     
  • Aug 7, 2012 12:06 AM   in reply to pziecina

    Getting an SSL certificate for securing your website is a good choice, but getting the right SSL certificate is very important. So get an SSL certificate which provides strong protection by using the best encryption methods; the Comodo SSL certificate has the best encryption methods. If you have a website with more subdomains, then go for a Wildcard SSL Certificate, which is a single SSL certificate that secures all domains.

     
  • Aug 7, 2012 5:39 AM   in reply to willeysher

    Just so there's no misunderstanding, adding SSL to a website that a) collects user input, and b) otherwise has no protection from injection and does not sanitize user input is a useless step.

     